Tips and Stuff

I have recently moved to a new virtual server hosting provider. Linode have hosting centres in 4 locations in the US and allow you to pick which centre you would like your server in. They have a great web user interface and are cheaper than my previous provider, Slicehost. So now I am paying about half what I was for hosting. I have also got away with using a lot less memory for my virtual server, by implementing some different ways of getting around spam.

Realtime DNS Block Lists (DBL)

DBLs store a list of known IP addresses which should not be trusted when receiving mail: either they are IPs assigned to home machines (DSL/cable clients) or known spammers caught out by traps. There are a few DBLs, but until now I have only been using one – Spamhaus, but sadly this doesn’t catch most spammers. I have now been through my configuration and included a few more DBLs, which are listed below. The advantage of this is that looking up an IP in a DBL is not processor or RAM intensive and does not require an external program like SpamAssassin. I have also implemented a few features in Postfix which allow the looking up of hosts who try to exchange mail with my server: if the hostname they are giving doesn’t match their actual hostname, or they have no A record or MX record for the domain they are using, Postfix will end the connection.

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_unauth_pipelining,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_rbl_client dnsbl.sorbs.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client b.barracudacentral.org,
    #reject_rbl_client t1.dnsbl.net.au,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client dnsbl.ahbl.org,
    permit_mx_backup

It is very important that “permit_mx_backup” goes at the end, because I am finding that spammers will take advantage of backup MX servers to get their spam accepted in some way, which then causes a lot of dead return to sender messages in your queue later.

With the “reject_rbl_client” lines I have in this config, I don’t have to use SpamAssassin or other spam analysis programs at present; the few spams I am getting are minimal and may have been things I accidentally signed up to in the past! t1.dnsbl.net.au was blocking Google Mail last night, which is why I have blocked it. barracudacentral.org requires that you sign up to use their service first.
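The sketch below is an added example, not part of the original post: it shows how the name behind a reject_rbl_client lookup is built, and uses the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) to spot a list that has gone dead or started listing everything before it goes into Postfix. The function names, the dnsbl.example zones and the resolver data are constructed for the demonstration.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return an A record for name, or None if the lookup fails for any reason."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, zone, resolve=system_resolver):
    """By DNSBL convention an IP is listed when its query name resolves into 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and answer.startswith("127.")

def zone_health(zone, resolve=system_resolver):
    """Check the RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    if not is_listed("127.0.0.2", zone, resolve):
        return "dead"              # answers nothing: the list no longer filters any mail
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"  # would reject all mail, legitimate senders included
    return "ok"

# Constructed resolver data (not real DNS answers) so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.good.dnsbl.example": "127.0.0.2",
    "10.113.0.203.good.dnsbl.example": "127.0.0.4",
}

def fake_resolver(name):
    """Hypothetical stand-in for DNS: one healthy zone, one wildcarded, one gone."""
    if name.endswith(".wild.dnsbl.example"):  # zone that answers for every name
        return "127.0.0.2"
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    for zone in ("good.dnsbl.example", "wild.dnsbl.example", "gone.dnsbl.example"):
        print(zone, zone_health(zone, fake_resolver))
    print(is_listed("203.0.113.10", "good.dnsbl.example", fake_resolver))
```

Calling zone_health with only a zone name uses the system resolver, so it can be run against each list in the config before a mail server is pointed at it.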

Moving MySQL

I have to admit that I am no programmer; Systems Administration, Network Administration and troubleshooting come fairly easily to me, but programming has always passed me by. I have often just blindly copied something someone else has done to get by and I remember when I was young spending hours typing in source code from magazines to try out programs and stuff!

So when it comes to SQL people say “well it’s not that hard, it’s mostly English!” but you have to remember the order things go in and whether a line needs a ; at the end, etc… I have tried to get into PHP and stuff, but I just get really bored and give up. I have a load of programming books on C and PHP if anyone is interested!

I use some SQL on my server – WordPress, which makes this blog work, uses MySQL… but to keep it going I had to move it from my old server to my new one.

I followed the usual instructions, to backup your databases use:

mysqldump -u root -p --all-databases > database_backup.sql

And then to restore:

mysql -u root -p < database_backup.sql

Then presto and everything is back, but is it working? Well it might be a good idea to try:

/etc/init.d/mysql restart

This matters because when you import your old databases, you overwrite the passwords for the users that are stored in them. The file /etc/mysql/debian.cnf holds settings for a user called debian-sys-maint, which is set up when you install MySQL. A password is generated for this user and then stored in the file. When you import all databases you overwrite the users database, which then overwrites this password; debian-sys-maint is then unable to access the database, and you get a failure when you try to start MySQL, although the daemon is running.

phpMyAdmin is your friend here, because you need no knowledge of SQL commands to go in and change the password for a user (here debian-sys-maint, so that it matches the one stored in /etc/mysql/debian.cnf), therefore fixing this nasty problem! Once you’ve done that you can then use this command to stop MySQL (as /etc/init.d/mysql stop won’t work):

kill "$(cat /var/run/mysqld/mysqld.pid)"

Then go ahead and start MySQL as normal:

/etc/init.d/mysql start

Uninterruptible Power Supplies and their lack of Uninterruptible-ness

An Uninterruptible Power Supply or UPS is a big battery that will keep your computer running if the power goes off; it will also protect it from surges and incidents when the power dips below what it should be. They are very useful for when you need to move things around or if you have electricity that you have to pay for in advance (and will therefore be switched off automatically if you have no credit).

I have had small UPSs for a few years which are about enough to keep an average desktop PC going for about 10 mins if the power fails. However, I have recently had to start dealing with them at work, since we have moved away from co-located hosting to hosting our servers at our office. When you are running UPSs commercially, the need for power cannot be overstated – you need things to be as overkill as possible! Most UPSs (anything designed for keeping more than just one PC going) will have overload detection and if the UPS detects an overload, it will start to shut itself down – because if the power were to be lost, the batteries could not take the load and the servers connected would not be able to shut down gracefully.

However, this means that mains power is lost to these connected servers and hence zap – no power… Well, in our case it means a 50% reduction in power as the servers have 2 PSUs each which are redundant. However, it is not so easy to build redundancy into a network, and taking out the UPS that the network switches are connected to will take down the servers as they can’t talk to the outside world… resulting in my mobile phone ringing and someone giving me grief that they can’t do any work!

Teamed Network Cards are network cards that can run in pairs (or more) providing greater throughput or redundancy if they are connected to different switches (in different UPSs!). However, my employer apparently has little interest in the redundancy aspect of this and uses teaming only for throughput… why have 1Gb/s when you can have 2Gb/s?!

After this happened twice today, I had to bypass the UPSs entirely as they were getting less reliable than the service from the electricity provider!

Whilst I like my job, I hate the fact that my employer prefers to buy his parts on eBay and expects great performance from a limited budget!

Well, I think that is all for tonight… until next time (in the immortal words of Sara Cox) – “rave safe kids, rave safe!”